Meet AWS Frontier Agents: Autonomous AI That Codes, Secures, and Runs Software
AWS introduces a new class of autonomous agents designed to handle development, security, and DevOps tasks without constant human oversight
Amazon Web Services is joining the list of companies embracing agent sprawl in the workplace. Call it whatever you like—the rise of the agentic enterprise or Frontier Firm—tech companies believe the future of work will be one where AI-powered agents will not only aid humans, but simultaneously collaborate with each other. But the world won’t be made up of the current makeup of bots. Instead, it’ll be dominated by autonomous ones.
As part of this year’s re:Invent conference, AWS is announcing a new class of AI agents called frontier agents, designed to reimagine how software is built, secured, and operated. The concept behind this technology came from lessons the AWS team learned while observing skyrocketing developer adoption of its Kiro agentic IDE. That was when they identified three characteristics of what future agents needed to look like:
They needed to run autonomously: Humans shouldn’t have to babysit these bots any longer.
They should be massively scalable: Rather than handling one task at a time, agents should be able to work on multiple tasks simultaneously.
They need to be long-running: Frontier agents don’t need to sleep, so why not have them operate around the clock to complete tasks?
These characteristics led to the development of three of the first frontier agents: Kiro Autonomous Agent, AWS Security Agent, and AWS DevOps Agent.
Disclosure: I am attending AWS’ 2025 re:Invent as a guest, with a portion of my travel expenses covered by the company. However, Amazon did not influence the content of this post—these thoughts are entirely my own.
Kiro Autonomous Agent
The Kiro Autonomous Agent builds on the spec-driven agentic development tool AWS previewed in July. Unlike traditional coding tools, this Kiro autonomous agent maintains persistent context across sessions and continuously monitors your pull requests and feedback, learning as it works. This allows it to operate with a deeper understanding of your codebase and workflow over time, rather than relying on constant human input.
Traditional AI coding tools, by contrast, still depend heavily on humans to keep projects moving—rebuilding context when switching tasks, coordinating cross-repository changes, and piecing together information scattered across tickets, pull requests, and chat threads. That friction slows development and pulls engineers away from higher-value, strategic work, leaving them tied to repetitive, manual tasks that Kiro is designed to handle autonomously.
None of that should be a problem for this new Kiro Autonomous Agent. AWS claims it can handle triaging bugs, improving code coverage, and everything in between, and even across multiple repositories. Although it will operate without human-approved checkpoints and act like a regular teammate, it hasn’t quite abandoned the human-in-the-loop principle. In fact, when assigned a task from a GitHub backlog, the agent will first independently determine how to complete the assignment before sharing changes as proposed edits or pull requests.
And if teams are using the Kiro Autonomous Agent, it can act as a shared resource, trained on everyone’s codebase, products, and standards. It can connect with the team’s repositories, pipelines, and tools like Jira, GitHub, and Slack.
AWS Security Agent
With the new AWS Security Agent, developers may not have to worry about their apps anymore because this frontier agent is designed to make sure they’re secure right from the start, especially across AWS, multicloud, and hybrid environments. “What if security could deliver tailored guidance throughout the lifecycle and make comprehensive testing available on demand?,” AWS posits.
This agent brings expert-level security oversight to every stage of software development. It reviews design documents, scans pull requests, and enforces an organization’s security standards automatically, flagging the risks that matter most instead of generic issues. Penetration testing, which traditionally can be slow and resource-intensive, becomes an on-demand capability that scales across multiple applications. The AWS Security Agent not only identifies vulnerabilities but also provides validated fixes, saving teams valuable time and reducing manual effort. By continuously monitoring security from design through deployment, it allows developers to move quickly without compromising safety, catching issues early so teams can focus on building features rather than firefighting breaches.
“AWS Security Agent helped catch a business logic bug that no existing tools would have caught, exposing information improperly,” claims SmugMug staff software engineer, Andres Ruiz, in a statement. The image sharing and hosting platform is one of the first to deploy this frontier agent, using it to change its security testing approach. “To any other tool, this would have been invisible. But the ability for Security Agent to contextualize the information, parse the API response, and find the unexpected information there represents a leap forward in automated security testing. Existing tools today lack this capability, and likely only a human tester would have been able to catch this.”
AWS DevOps Agent
The final autonomous agent is built to let development teams spend less time chasing alerts and more time focusing on meaningful work. The AWS DevOps Agent moves teams away from constant, reactive firefighting when applications fail, helping them shift toward proactive, continuous improvements that enhance reliability and performance. Instead of having human workers on call throughout the night, why not let a bot do it?
Shuck the emergency pager and entrust this frontier agent to be available when incidents happen. AWS boasts that it will instantly respond to issues and use its knowledge of the application and the relationship between components to troubleshoot the issue. It’s trained on the organization’s resources and connections with observability tools, including Amazon CloudWatch, Dynatrace, Datadog, New Relic, and Splunk, along with runbooks, code repositories, and CI/CD pipelines.
The AWS DevOps Agent provides 24/7 incident triage, guided resolution, and recommendations on how teams can boost reliability and performance of the apps across AWS, multicloud, and hybrid environments.
The Commonwealth Bank of Australia, which manages over 1,700 AWS accounts for thousands of engineers, put the AWS DevOps Agent to the test while developing its next-generation internal cloud platform. Reportedly, the bank’s Cloud Foundations team recreated a complex network and identity management issue, and while such problems could take a senior DevOps engineer hours to resolve, the agent pinpointed the root cause in under 15 minutes.
“AWS DevOps Agent thinks and acts like a seasoned DevOps engineer, helping our engineers build a banking infrastructure that’s faster, more resilient, and designed to deliver better experiences for our customers,” says Jason Sandery, head of cloud services at Commonwealth Bank of Australia. “This isn’t just about faster resolution times—it’s about maintaining the trust our customers put in us.”
All of these frontier agents are in preview today.